Five Most Common Security Attacks on Two-Factor Authentication

Sophisticated malware known as a man-in the-browser – such as Zeus – allows an attacker to falsify a user’s browser display, making the user think that the website is doing what they intend while actually it is doing something completely different, directed by an attacker. The best countermeasure for this is the use of a two-factor technology that independently and securely displays to the user the nature of a transaction being approved. Ideally, this independent display would be on a different device using an independent communications channel.

Following some high-profile password hacks, companies like Apple, Twitter and Evernote have moved to shore up their systems with two-factor authentication. Said to be a great missing security link in many password-driven systems, two-factor authentication technologies that are most widely used today are actually fraught with many of the same risks as password-driven systems.

If you’re considering two-factor authentication, you should consider some of the most common attacks, identified by Jim Fenton, CSO at digital identity provider OneID, on two-factor authentication. Of course, there are many more than five attacks in the world, but these should give a starting point for evaluating others. These examples illustrate the importance of thinking broadly about how two-factor authentication can be defeated. You can be assured that the attackers are doing so.

To protect the company from those insiders who abuse their privileged access and from hackers with stolen credentials, many companies are turning to a privileged access management (PAM) solution. ... More >>